CVE-2024-8178
The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which...
CVE-2024-32668
Insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. Malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, whic...
CVE-2024-45063
The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process,...
CVE-2024-42416 Multiple issues in ctl(4) CAM Target Layer
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel heap memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on...
CVE-2024-42416
CVE-2024-42416 affects FreeBSD ctl(4) CAM Target Layer: ctl_report_supported_opcodes did not properly validate a field from userspace, enabling an arbitrary write into limited kernel heap memory. Impact: guest VMs using virtio_scsi can abuse this to execute code on the host bhyve process (root), ...
CVE-2024-41928
Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve...
CVE-2024-41928
CVE-2024-41928 affects FreeBSD bhyve: a buffer overflow in the MMIO path when TPM passthrough is enabled can let malware in a guest VM execute code on the host bhyve process (usually running as root). The FreeBSD advisory SA-24:10.bhyve documents the issue, impact, and remediation, including upgr...
FreeBSD Security Vulnerabilities
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD versions 13.1 and 13.2, which stems from a buffer overflow vulnerability in the fwctl driver state machine. The vulnerability can be exploited to execute arbitrary code as root ...